Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on 25,000 ton spam relay, with photos of it!]

From: Dave Farber <dave () farber net>
Date: Tue, 16 Dec 2003 10:34:39 -0500

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Tue, 16 Dec 2003 10:16:42 -0500
From: Suresh Ramasubramanian <suresh () hserus net>
Subject: Re: [IP] 25,000 ton spam relay, with photos of it!]
To: dave () farber net
Cc: Rich Kulawiec <rsk () gsp org>

Dave Farber  writes on 12/16/2003 10:08 AM:


 > or some nice-and-secure Windows box in the construction drydocks, running
 > Microsoft Exchange Internet Mail Service Version 5.5.2653.13
Not just Exchange. That "no.name.available" and "via smtpd (for [connecting ip]) header suggests that the exchange box is frontended with a raptor firewall.
I have seen more than one misconfigured raptor frontending an already secure mailserver (not just your average insecure exchange / IIS box) turn the mailserver it frontends into an open relay. 

        srs


 > H: Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil
> H: via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT 
 > H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by
> H: swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail 
 > H:     Service Version 5.5.2653.13)



-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: